First published on Sphere Magazine in May 2025
We’ll admit it: Normally, being right about a prediction feels satisfying. However, in this case we’d much rather have been wrong.
When we wrote about why privacy issues are giving the Swiss government a headache back in 2023, it wasn’t exactly front-page news. But perhaps it should have been, because it laid out exactly why businesses could no longer afford to overlook the role jurisdiction plays in digital infrastructure.
Today, with a resurgence of trade tensions between the US and Europe, the broader conversation about sovereignty – economic, technological and legal – is back in painfully sharp focus.
Jurisdiction is the new infrastructure risk
There’s a stubborn misconception in tech circles that data storage is mostly a technical matter. But in reality, infrastructure decisions come with legal consequences. Wires and servers matter, but so do the laws that govern them.
The CLOUD Act gives American law enforcement broad powers to access data held by American companies, no matter where in the world that data physically resides. In effect, this means a US-based provider can be compelled to turn over client information hosted on servers in Zurich, Geneva or anywhere else.
From a legal perspective, the sovereignty of the data centre’s location offers limited protection if the service provider is subject to a foreign jurisdiction. That tension between physical and legal boundaries is at the heart of the current debate, and it’s one that many organisations still haven’t fully reckoned with.
Backstory: The CLOUD Act (AKA the drug trafficking email case the US couldn’t bear to lose)
● In 2013, US prosecutors demanded access to Hotmail emails linked to a major drug trafficking ring.
● But the data wasn’t in the US. The data was sitting in a Microsoft data centre in Ireland.
● Microsoft said no. It argued that US law stops at the border.
● It went all the way to the Supreme Court, with fierce global press coverage.
● Just before a verdict could land, US Congress stepped in and passed the CLOUD Act.
● The new law gave US authorities access to data held by any US-based tech company, even if the data’s stored abroad.
Bottom line? If your provider’s American, your data is fair game… no matter where it lives.
2025 – when the abstract became urgent
In more predictable times, businesses could afford to treat jurisdictional exposure as a theoretical issue. But the past few years have made that stance increasingly untenable. Trade conflicts, regulatory shifts and geopolitical instability have all revealed how fragile global systems can be.
Today, those risks are no longer abstract, with the Trump administration declaring a national emergency and imposing a sweeping 10% tariff on all imports. Additional, targeted tariffs are being levelled at countries with significant trade surpluses, including a 20% hike on EU imports.
For European firms, the implications go far beyond economics. Political pressure, legal unpredictability and regulatory entanglements are re-entering the boardroom conversation in force. And in that context, reliance on US-based cloud providers starts to resemble a vulnerability, no matter how it might have looked like a strength in the past.
Encryption does not equal immunity
Some organisations are responding to these risks via encryption, or exploring regional data hosting options within global providers’ networks. These are useful steps, but they don’t solve the core issue: jurisdiction follows ownership.
Microsoft, for example, offers advanced encryption features that can limit access to data, even internally. However, even giants like Microsoft exist within a legal framework that still obliges the company to comply with US law. While encryption may delay or complicate access requests, it doesn’t nullify them – and it can’t.
The only true protection from foreign legal exposure, therefore, comes from structural independence: choosing infrastructure that is not only hosted locally but also owned and operated under local jurisdiction.
The power of Swiss stability and self-determination
Switzerland’s approach is grounded in a deliberate alignment of values, laws and long-term strategy. A commitment to legal clarity, political neutrality and long-term thinking – not just when the headlines demand it, but by design.
Penta’s Swiss identity reflects a conscious alignment with national principles – legal clarity, regulatory foresight and political neutrality. These are embedded in our operations, shaping how we design, deliver and defend our infrastructure. We have always ensured that our systems, staff and service contracts all remain within the Swiss legal environment, which means we can offer our clients a degree of predictability that is increasingly hard to find elsewhere.
Switzerland isn’t immune from global pressures – no country is – but our regulatory environment is designed to safeguard privacy, maintain neutrality and resist extraterritorial claims in ways that align with our clients’ interests.
Where other providers chose convenience, we chose considered design – and we always will.
The results speak for themselves. Our clients know where their data is, who has access to it and which laws apply. That clarity becomes a powerful competitive advantage in uncertain times.
Building for the future
Whatever tomorrow brings, organisations that bake legal resilience into their infrastructure choices will be better positioned to adapt.
The headlines will change, and the tariffs may come and go – but the need for clarity, continuity and control will remain.
That’s why we built Penta the way we did. It’s why, when the world shifts again (and again), we won’t be scrambling to keep up. And neither will our clients.
So, yes, we said this would happen. We wish we’d been wrong. But we weren’t – and now it matters more than ever.
It’s time to explore what true sovereignty looks like. Let’s talk.
www.penta.ch